<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第164期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第164期）</strong></h5>
<blockquote> 2017/04/17-2017/04/23</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>任意伪造域名-你能分辨出钓鱼网站的域名吗<br><a target="_blank" href="http://m.bobao.360.cn/learning/appdetail/3736.html">http://m.bobao.360.cn/learning/appdetail/3736.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>App Store 刷榜黑幕大揭秘<br><a target="_blank" href="https://mp.weixin.qq.com/s/vQv_a4eCP_-NHJPlevhKaw">https://mp.weixin.qq.com/s/vQv_a4eCP_-NHJPlevhKaw</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>学习使用Clang Libfuzzer Fuzz C/Cpp代码<br><a target="_blank" href="https://github.com/Dor1s/libfuzzer-workshop/tree/master/lessons">https://github.com/Dor1s/libfuzzer-workshop/tree/master/lessons</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>NSA Eternalblue SMB 漏洞分析<br><a target="_blank" href="http://blogs.360.cn/360safe/2017/04/17/nsa-eternalblue-smb/">http://blogs.360.cn/360safe/2017/04/17/nsa-eternalblue-smb/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Esteemaudit漏洞复现过程<br><a target="_blank" href="http://www.freebuf.com/articles/system/132171.html">http://www.freebuf.com/articles/system/132171.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Apache Log4j反序列化漏洞(CVE-2017-5645)<br><a target="_blank" href="http://thief.one/2017/04/19/2/">http://thief.one/2017/04/19/2/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>CVE-2017-0199漏洞复现过程<br><a target="_blank" href="http://mp.weixin.qq.com/s/NQxeuoULv7Htrzc5nYuglw">http://mp.weixin.qq.com/s/NQxeuoULv7Htrzc5nYuglw</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Eternalromance (永恒浪漫) 漏洞分析<br><a target="_blank" href="http://blogs.360.cn/360safe/2017/04/19/eternalromance-analyze/">http://blogs.360.cn/360safe/2017/04/19/eternalromance-analyze/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>NSA/fuzzbunch<br><a target="_blank" href="https://github.com/fuzzbunch/fuzzbunch">https://github.com/fuzzbunch/fuzzbunch</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>leakPasswd: Python 密码泄露查询模块<br><a target="_blank" href="https://github.com/lauixData/leakPasswd">https://github.com/lauixData/leakPasswd</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Boostnote：开源的程序员专属笔记应用工具<br><a target="_blank" href="https://boostnote.io/#download">https://boostnote.io/#download</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>sicklepoc:Web扫描器开源<br><a target="_blank" href="http://www.codersec.net/2017/04/sicklepoc%E5%BC%80%E6%BA%90/">http://www.codersec.net/2017/04/sicklepoc%E5%BC%80%E6%BA%90/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Linux、Windows提权命令速记<br><a target="_blank" href="http://im1gd.me/2017/03/30/linux/">http://im1gd.me/2017/03/30/linux/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>基于Python与Face++实现人脸识别<br><a target="_blank" href="http://www.freebuf.com/articles/terminal/131755.html">http://www.freebuf.com/articles/terminal/131755.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Web Service 渗透测试从入门到精通<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3741.html">http://bobao.360.cn/learning/detail/3741.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浅谈漏洞挖掘及代码审计(一)<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&amp;mid=2649846516&amp;idx=1&amp;sn=5b6ad8c01668ae9003f373e4eafe5d4f&amp;chksm=f3e41c77c49395614c45be09b79316c5bdea4f19261d9179e9a021e7b8eb83e247896a56a3f8&amp;mpshare=1&amp;scene=1&amp;srcid=0421OGxIsWyMHknwlle2T7Mg&amp;key=b7f28e3">https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&amp;mid=2649846516&amp;idx=1&amp;sn=5b6ad8c01668ae9003f373e4eafe5d4f&amp;chksm=f3e41c77c49395614c45be09b79316c5bdea4f19261d9179e9a021e7b8eb83e247896a56a3f8&amp;mpshare=1&amp;scene=1&amp;srcid=0421OGxIsWyMHknwlle2T7Mg&amp;key=b7f28e3</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>D2T4 - Emmanuel Gadaix - A Surprise Encounter With a Telco APT<br><a target="_blank" href="https://conference.hitb.org/hitbsecconf2017ams/materials/D2T4%20-%20Emmanuel%20Gadaix%20-%20A%20Surprise%20Encounter%20With%20a%20Telco%20APT.pdf">https://conference.hitb.org/hitbsecconf2017ams/materials/D2T4%20-%20Emmanuel%20Gadaix%20-%20A%20Surprise%20Encounter%20With%20a%20Telco%20APT.pdf</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>weibo_terminater: 微博终结者爬虫<br><a target="_blank" href="https://github.com/jinfagang/weibo_terminater">https://github.com/jinfagang/weibo_terminater</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>python-uncompyle6: Python 反编译工具<br><a target="_blank" href="https://github.com/rocky/python-uncompyle6">https://github.com/rocky/python-uncompyle6</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>深入分析NSA用了5年的IIS漏洞<br><a target="_blank" href="http://xlab.tencent.com/cn/2017/04/18/nsa-iis-vulnerability-analysis/">http://xlab.tencent.com/cn/2017/04/18/nsa-iis-vulnerability-analysis/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MySQL注入攻击与防御 <br><a target="_blank" href="http://blog.sycsec.com/?p=1005">http://blog.sycsec.com/?p=1005</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Benchmarks: 常用服务器、数据库、中间件安全配置基线<br><a target="_blank" href="https://github.com/re4lity/Benchmarks">https://github.com/re4lity/Benchmarks</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>NSA Explodingcan 漏洞分析与调试<br><a target="_blank" href="http://mp.weixin.qq.com/s/onK68ANqHHtEMLITOfacmg">http://mp.weixin.qq.com/s/onK68ANqHHtEMLITOfacmg</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>子域名挖掘修改版<br><a target="_blank" href="http://im1gd.me/2016/12/20/subdomain/">http://im1gd.me/2016/12/20/subdomain/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploit toolkit CVE-2017-0199 - v2.0<br><a target="_blank" href="https://github.com/bhdresh/CVE-2017-0199">https://github.com/bhdresh/CVE-2017-0199</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Black Hat Python: Infinite possibilities with the Scapy Module<br><a target="_blank" href="http://bt3gl.github.io/black-hat-python-infinite-possibilities-with-the-scapy-module.html">http://bt3gl.github.io/black-hat-python-infinite-possibilities-with-the-scapy-module.html</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>【重磅推荐】安全客2017季刊第一期新鲜出炉！<br><a target="_blank" href="http://bobao.360.cn/news/detail/4101.html">http://bobao.360.cn/news/detail/4101.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Edge – SOP bypass courtesy of the reading mode<br><a target="_blank" href="https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/">https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/</a></div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>安全相关免费电子书集合<br><a target="_blank" href="https://github.com/Hack-with-Github/Free-Security-eBooks-from-PacktPub">https://github.com/Hack-with-Github/Free-Security-eBooks-from-PacktPub</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>木马实现技术概述<br><a target="_blank" href="http://im1gd.me/2017/03/30/%E6%9C%A8%E9%A9%AC%E5%AE%9E%E7%8E%B0%E6%8A%80%E6%9C%AF%E6%A6%82%E8%BF%B0/">http://im1gd.me/2017/03/30/%E6%9C%A8%E9%A9%AC%E5%AE%9E%E7%8E%B0%E6%8A%80%E6%9C%AF%E6%A6%82%E8%BF%B0/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Cheetah:一款基于字典的webshell密码爆破工具<br><a target="_blank" href="https://github.com/sunnyelf/cheetah/blob/master/README_zh.md">https://github.com/sunnyelf/cheetah/blob/master/README_zh.md</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Windows绝赞应用<br><a target="_blank" href="https://emlvirus.gitbooks.io/windows-apps-that-amaze-us/">https://emlvirus.gitbooks.io/windows-apps-that-amaze-us/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>GitLab 的员工手册-远程办公协作<br><a target="_blank" href="https://about.gitlab.com/handbook/">https://about.gitlab.com/handbook/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>每周技术分享第三期--科普WAF<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5NDM1OTM0Mg==&amp;mid=2651050493&amp;idx=1&amp;sn=1d81ff6aff52fa93f329522021bf93e0&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5NDM1OTM0Mg==&amp;mid=2651050493&amp;idx=1&amp;sn=1d81ff6aff52fa93f329522021bf93e0&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>通过云Fuzz挖掘TCPDump的漏洞<br><a target="_blank" href="https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/">https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>doublepulsar-c2-traffic-decryptor: 网络层检测DOUBLEPULSAR攻击<br><a target="_blank" href="https://github.com/countercept/doublepulsar-c2-traffic-decryptor">https://github.com/countercept/doublepulsar-c2-traffic-decryptor</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>A quick analysis of the latest Shadow Brokers dump	<br><a target="_blank" href="https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/">https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>通过APC实现Dll注入——绕过Sysmon监控<br><a target="_blank" href="http://www.4hou.com/technology/4393.html">http://www.4hou.com/technology/4393.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>python奇技淫巧<br><a target="_blank" href="http://thief.one/2017/04/19/1/">http://thief.one/2017/04/19/1/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>android 安全编码指南<br><a target="_blank" href="http://www.jssec.org/dl/android_securecoding_en.pdf">http://www.jssec.org/dl/android_securecoding_en.pdf</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android malware anti-emulation techniques<br><a target="_blank" href="https://blogs.sophos.com/2017/04/13/android-malware-anti-emulation-techniques/">https://blogs.sophos.com/2017/04/13/android-malware-anti-emulation-techniques/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>浅谈linux安全加固<br><a target="_blank" href="http://mp.weixin.qq.com/s/y8np-sFzik15x09536QA5w">http://mp.weixin.qq.com/s/y8np-sFzik15x09536QA5w</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Android漏洞测试套件<br><a target="_blank" href="https://github.com/AndroidVTS/android-vts">https://github.com/AndroidVTS/android-vts</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>THUOCL：清华大学开放中文词库<br><a target="_blank" href="http://thuocl.thunlp.org/">http://thuocl.thunlp.org/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Twitter账户活动情况分析工具 – Simple Twitter Profile Analyzer<br><a target="_blank" href="http://www.freebuf.com/sectool/131658.html">http://www.freebuf.com/sectool/131658.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>2016-2017年第一季度工业控制网络安全态势白皮书<br><a target="_blank" href="http://www.freebuf.com/articles/paper/131812.html">http://www.freebuf.com/articles/paper/131812.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>深度！近期所谓“优酷数据泄露事件”的客观事实还原<br><a target="_blank" href="http://www.4hou.com/info/observation/4408.html">http://www.4hou.com/info/observation/4408.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>全面监听：以斯塔西的名义<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&amp;mid=2648946510&amp;idx=1&amp;sn=7320198c7519aeb2f15a1f0e13b3c4eb&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&amp;mid=2648946510&amp;idx=1&amp;sn=7320198c7519aeb2f15a1f0e13b3c4eb&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>VulnTrack <br><a target="_blank" href="https://www.soldierx.com/sxlabs/VulnTrack">https://www.soldierx.com/sxlabs/VulnTrack</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>2016年网络安全威胁的回顾与展望<br><a target="_blank" href="http://www.antiy.com/response/2016_Antiy_Annual_Security_Report/2016_Antiy_Annual_Security_Report.pdf">http://www.antiy.com/response/2016_Antiy_Annual_Security_Report/2016_Antiy_Annual_Security_Report.pdf</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Magnitude EK delivers Cerber | Zerophage Malware<br><a target="_blank" href="https://zerophagemalware.com/2017/04/21/magnitude-ek-delivers-cerber/">https://zerophagemalware.com/2017/04/21/magnitude-ek-delivers-cerber/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>encoding-web-shells-in-png-idat-chunks<br><a target="_blank" href="https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/">https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>All videos of Android Security Symposium 2017<br><a target="_blank" href="https://www.youtube.com/playlist?list=PL61IkVbNYniXoAXEFtftfElcSDNZoCLpe">https://www.youtube.com/playlist?list=PL61IkVbNYniXoAXEFtftfElcSDNZoCLpe</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Automating APT Scanning with Loki Scanner and Splunk<br><a target="_blank" href="http://www.redblue.team/2017/04/automating-apt-scanning-with-loki.html">http://www.redblue.team/2017/04/automating-apt-scanning-with-loki.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>百度网盘自动添加资源项目(更新GUI版本)<br><a target="_blank" href="https://github.com/tengzhangchao/BaiDuPan">https://github.com/tengzhangchao/BaiDuPan</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>The Shadow over Android Heap exploitation assistance for Android’s libc allocato<br><a target="_blank" href="https://census-labs.com/media/shadow-infiltrate-2017.pdf">https://census-labs.com/media/shadow-infiltrate-2017.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Metasploit Framework docker 版本<br><a target="_blank" href="https://github.com/phocean/dockerfile-msf">https://github.com/phocean/dockerfile-msf</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Malcom Malware Communication Analyzer y Bro IDS. Parte I<br><a target="_blank" href="https://seguridadyredes.wordpress.com/2014/01/27/visualizacion-y-analisis-de-trafico-de-red-con-malcom-malware-communication-analyzer-y-bro-ids-parte-i/">https://seguridadyredes.wordpress.com/2014/01/27/visualizacion-y-analisis-de-trafico-de-red-con-malcom-malware-communication-analyzer-y-bro-ids-parte-i/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSL&amp;TLS安全测试<br><a target="_blank" href="https://www.aptive.co.uk/blog/tls-ssl-security-testing/">https://www.aptive.co.uk/blog/tls-ssl-security-testing/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>[0day] Text/Plain Considered Harmful <br><a target="_blank" href="https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/">https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第163期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/163">https://www.sec-wiki.com/weekly/163</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Run virtual routers with docker <br><a target="_blank" href="https://github.com/plajjan/vrnetlab">https://github.com/plajjan/vrnetlab</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>awesome-cve-poc:A curated list of CVE PoCs<br><a target="_blank" href="https://github.com/qazbnm456/awesome-cve-poc">https://github.com/qazbnm456/awesome-cve-poc</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Tamper Chrome<br><a target="_blank" href="https://github.com/google/tamperchrome">https://github.com/google/tamperchrome</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>jSQL Injection: herramienta automatizada en Java para realizar ataques SQL<br><a target="_blank" href="http://blog.elhacker.net/2017/04/jsql-injection-herramienta-automatizada-java-ataques-inyeccion-sql.html">http://blog.elhacker.net/2017/04/jsql-injection-herramienta-automatizada-java-ataques-inyeccion-sql.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>长城宽带内网严重隐患：边界模糊不清<br><a target="_blank" href="http://www.4hou.com/technology/4411.html">http://www.4hou.com/technology/4411.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploit Monday: Updating Device Guard Code Integrity Policies<br><a target="_blank" href="http://www.exploit-monday.com/2016/12/updating-device-guard-code-integrity.html?m=1">http://www.exploit-monday.com/2016/12/updating-device-guard-code-integrity.html?m=1</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>ARM Releases Machine Readable Architecture Specification<br><a target="_blank" href="https://alastairreid.github.io/alastairreid.github.io/ARM-v8a-xml-release/">https://alastairreid.github.io/alastairreid.github.io/ARM-v8a-xml-release/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Into the symmetry: Meh : CSRF in Facebook Delegated Account Recovery<br><a target="_blank" href="http://blog.intothesymmetry.com/2017/04/meh-csrf-in-facbook-delegated-account.html">http://blog.intothesymmetry.com/2017/04/meh-csrf-in-facbook-delegated-account.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites<br><a target="_blank" href="https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/">https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>list-of-waf-security-bypass-research<br><a target="_blank" href="https://www.peerlyst.com/posts/list-of-waf-security-bypass-research-karl-m-1">https://www.peerlyst.com/posts/list-of-waf-security-bypass-research-karl-m-1</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>EternalPulsar实践<br><a target="_blank" href="https://medium.com/@xNymia/eternalpulsar-a-practical-example-of-a-made-up-name-629737170a9e">https://medium.com/@xNymia/eternalpulsar-a-practical-example-of-a-made-up-name-629737170a9e</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IEETWCollector Arbitrary Directory/File Deletion Pr<br><a target="_blank" href="https://www.exploit-db.com/exploits/41901/">https://www.exploit-db.com/exploits/41901/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Design flaws in Lastpass 2FA implementation<br><a target="_blank" href="http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/">http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>打造免费企业安全：便宜没好货吗？（一）<br><a target="_blank" href="https://eth.space/qi-ye-an-quan-bian-yi-mei-hao-huo-ma-yi/">https://eth.space/qi-ye-an-quan-bian-yi-mei-hao-huo-ma-yi/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>SEC Consult: Abusing NVIDIA&#039;s node.js to bypass application whitelisting<br><a target="_blank" href="http://blog.sec-consult.com/2017/04/application-whitelisting-application.html">http://blog.sec-consult.com/2017/04/application-whitelisting-application.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP HOOK的若干方法<br><a target="_blank" href="http://blog.csdn.net/u011721501/article/details/70174924">http://blog.csdn.net/u011721501/article/details/70174924</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>EternalPulsar — A practical example of a made up name<br><a target="_blank" href="https://hackernoon.com/eternalpulsar-a-practical-example-of-a-made-up-name-629737170a9e">https://hackernoon.com/eternalpulsar-a-practical-example-of-a-made-up-name-629737170a9e</a></div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>8dot8 on Vimeo<br><a target="_blank" href="https://vimeo.com/secconfchile">https://vimeo.com/secconfchile</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>使用业务和技术有关的上下文对网络威胁情报（CTI）进行排序<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484419&amp;idx=1&amp;sn=a2f2980c5c1d8e028f8fe32d89ee0c82&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484419&amp;idx=1&amp;sn=a2f2980c5c1d8e028f8fe32d89ee0c82&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>DNS Intrusion Detection in Office 365<br><a target="_blank" href="https://blogs.technet.microsoft.com/office365security/dns-intrusion-detection-in-office-365/">https://blogs.technet.microsoft.com/office365security/dns-intrusion-detection-in-office-365/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>PowerShell Gallery | PowerShellCookbook 1.3.6<br><a target="_blank" href="https://www.powershellgallery.com/packages/PowerShellCookbook/1.3.6">https://www.powershellgallery.com/packages/PowerShellCookbook/1.3.6</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Introducing SafeStack in HardenedBSD<br><a target="_blank" href="https://www.soldierx.com/news/Introducing-SafeStack-HardenedBSD">https://www.soldierx.com/news/Introducing-SafeStack-HardenedBSD</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #8<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-8.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-8.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>A Closer Look at Chrome&#039;s Security: Understanding V8<br><a target="_blank" href="http://bt3gl.github.io/a-closer-look-at-chromes-security-understanding-v8.html">http://bt3gl.github.io/a-closer-look-at-chromes-security-understanding-v8.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Hadoop Security for beginners <br><a target="_blank" href="http://community.cloudera.com/t5/Security-Apache-Sentry/Hadoop-Security-for-beginners/td-p/48576">http://community.cloudera.com/t5/Security-Apache-Sentry/Hadoop-Security-for-beginners/td-p/48576</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>利用机器学习实时对抗Java恶意软件<br><a target="_blank" href="https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/">https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Introducing CFI in HardenedBSD | SOLDIERX.COM<br><a target="_blank" href="https://www.soldierx.com/news/Introducing-CFI-HardenedBSD">https://www.soldierx.com/news/Introducing-CFI-HardenedBSD</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #5<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-5.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-5.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #10<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-10.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-10.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #11<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-11.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-11.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP<br><a target="_blank" href="http://malware-traffic-analysis.net/2017/04/20/index.html">http://malware-traffic-analysis.net/2017/04/20/index.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Smart TV Hack via the Broadcast Signal<br><a target="_blank" href="https://www.schneier.com/blog/archives/2017/04/smart_tv_hack_v.html">https://www.schneier.com/blog/archives/2017/04/smart_tv_hack_v.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #6<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-6.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-6.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Ad-LDAP-Enum<br><a target="_blank" href="http://www.kitploit.com/2017/04/ad-ldap-enum-active-directory-ldap.html">http://www.kitploit.com/2017/04/ad-ldap-enum-active-directory-ldap.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #1 <br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-1.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-1.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #7<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-7.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-7.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #4<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-4.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-4.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Memory corruption in Array concat<br><a target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1095">https://bugs.chromium.org/p/project-zero/issues/detail?id=1095</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #9<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-9.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-9.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #2 <br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-2.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-2.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Bypassing Browser Memory Protections<br><a target="_blank" href="https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf">https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Studies in AI &amp; Pixels &amp; Waves - #3<br><a target="_blank" href="http://bt3gl.github.io/studies-in-ai-pixels-waves-3.html">http://bt3gl.github.io/studies-in-ai-pixels-waves-3.html</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/164">SecWiki周刊(第164期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
